BlackBerry 10 OS must enable a system administrator to (i) select which data fields will be available to applications outside of the contact database application and (ii) limit the number of contact database fields accessible outside of a work persona in the case of dual persona phones.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47229 | BB10-2X-000430 | SV-60101r2_rule | Low |
| Description |
|---|
| The contact database often contains a significant amount of information beyond each person's name and phone number. The records may contain addresses and other identifying or sensitive information that should not be revealed. There may be cases in which an organization has determined it is an acceptable risk to distribute parts of a person's contact record but not others. Enabling the system administrator to select which fields are available outside the contact database application (or to applications outside the work persona in the case of a dual persona device) assists with management of the risk. |
| STIG | Date |
|---|---|
| BlackBerry 10.2.x OS Security Technical Implementation Guide | 2015-07-02 |
Details
| Check Text ( C-50055r2_chk ) |
|---|
| On BlackBerry Device Service: Ensure the IT Policy rule "Personal Apps Access to Work Contacts" is set to "Only BlackBerry Apps". Otherwise, this is a finding. |
| Fix Text (F-50933r2_fix) |
|---|
| On BlackBerry Device Service, set the IT Policy rule "Personal Apps Access to Work Contacts" to "Only BlackBerry Apps". NOTE: This fix procedure affects both Personal and Work Spaces. |